
Re: (ITS#5472) ldap_get_values() should handle paged results from LDAP/AD



Just a quick reply for future reference if others ask about the same
and find this request.

[Kurt Zeilenga]
> No.  Attribute description options cannot contain equal signs.  See
> RFC 4512.

Thank you for your reply.  It was very valuable for me, who is not as
well lectured in the LDAP specification.  It is now obvious to me that
the extension used by Active Directory LDAP is outside the
RFC-documented LDAP specification.

I've been told that the AD range feature is documented in an expired draft
RFC, available from
<URL: http://www.tkk.fi/cc/docs/kerberos/draft-kashi-incremental-00.txt >.
I'm not sure what was discussed about this draft, but it expired a
long time ago.  Anyway, the draft can be used to understand how the
feature is working.  It claims that it is possible to see in
supportedControls if this range feature is used by the server.  This
could be used to enable this feature at runtime, if one wanted to
implement the non-conforming feature.  I suspect I have to go in that
direction, as the project requirements are to use LDAP from AD. :/

> If you want to implement this crap, you can do so without additional
> support from LDAP API.  Use ldap_first/next_attribute API.

Good idea.  I have since found out that this ranged multivalue feature
is implemented in nss-ldap, and hope it is possible to reuse some code
there in nss-ldapd.

Happy hacking,
-- 
Petter Reinholdtsen
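
Added example, not part of the original message and not code from nss-ldap or nss-ldapd: a strict parser for the attribute descriptions a client would see while iterating with ldap_first_attribute()/ldap_next_attribute(), so that a ranged chunk is recognised and the next chunk requested instead of a truncated value list being used as complete. It assumes the option form `;range=<low>-<high>`, with `*` as <high> marking the final chunk; the struct and function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* One parsed attribute description (hypothetical type for this example). */
struct range_attr {
    char base[128];   /* attribute type without options, e.g. "member" */
    long low;         /* index of the first value in this chunk */
    long high;        /* index of the last value, or -1 for '*' (final chunk) */
};

/* Parse a non-negative decimal index; rejects signs, empty input, huge values. */
static int parse_index(const char *s, const char **end, long *out)
{
    char *e;
    if (*s < '0' || *s > '9') return -1;
    errno = 0;
    *out = strtol(s, &e, 10);
    /* bounded so that high + 1 below can never overflow */
    if (errno == ERANGE || *out > 2000000000L) return -1;
    *end = e;
    return 0;
}

/* Returns 1 if desc carries a range option, 0 if it has none, -1 if malformed. */
int parse_range_attr(const char *desc, struct range_attr *r)
{
    const char *p = NULL, *opt = strchr(desc, ';');
    size_t blen = opt ? (size_t)(opt - desc) : strlen(desc);
    if (blen == 0 || blen >= sizeof r->base) return -1;
    memcpy(r->base, desc, blen);
    r->base[blen] = '\0';
    for (; opt; opt = strchr(opt, ';')) {
        opt++;                                   /* step past ';' */
        if (strncasecmp(opt, "range=", 6) != 0) continue;  /* some other option */
        if (parse_index(opt + 6, &p, &r->low) || *p++ != '-') return -1;
        if (*p == '*') { r->high = -1; p++; }
        else if (parse_index(p, &p, &r->high) || r->high < r->low) return -1;
        return (*p == '\0' || *p == ';') ? 1 : -1;   /* no trailing junk */
    }
    return 0;
}

/* Writes the attribute to request for the next chunk; 0 when none is needed. */
int next_range_request(const struct range_attr *r, char *buf, size_t n)
{
    if (r->high < 0) return 0;                   /* server sent '*': complete */
    return (size_t)snprintf(buf, n, "%s;range=%ld-*", r->base, r->high + 1) < n;
}
```

A caller would merge the values of each chunk under `base` and repeat the search with the string from next_range_request() until it returns 0.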